Slashdot Mirror
Safe and Insecure?
JoeCotellese writes "Can making your network insecure actually improve your security? That's the question asked in this story running in Salon. The author makes the case that by 'making my Internet connection available to any and all who happen upon it, I have no way to be certain what kinds of songs, movies and pictures will be downloaded by other people using my IP address. And more important, my ISP has no way to be certain if it's me.'"
Or am I the only one who has terms and conditions which say that I am responsible for everything that passes over my connection?
Wishing something doesn't make it so.
Not guilty on copyright infringement. Guilty of aiding a felony. Brilliant.
Safe and insecure
I opened up my wireless home network to the world, and I've never felt more comfortable.
- - - - - - - - - - - -
By Micah Joel
May 18, 2004 | Last week, I turned off all the security features of my wireless router. I removed WEP encryption, disabled MAC address filtering and made sure the SSID was being broadcast loud and clear. Now, anyone with a wireless card and a sniffer who happens by can use my connection to access the Internet. And with DHCP logging turned off, there's really no way to know who's using it.
What's wrong with me? Haven't I heard about how malicious wardrivers can use my connection from across the street to stage their hacking operations? How my neighbors can steal my bandwidth so they don't have to pay for their own? How I'm exposing my home network to attacks from the inside? Yup.
So why am I doing this? In a word, privacy. By making my Internet connection available to any and all who happen upon it, I have no way to be certain what kinds of songs, movies and pictures will be downloaded by other people using my IP address. And more important, my ISP has no way to be certain if it's me.
In mid-April, Comcast sent letters to some of its subscribers claiming that their IP addresses had been used to download copyrighted movies. Since Comcast is not likely to improve customer satisfaction and retention with this strategy, it's probable the letter was a result of pressure from the Motion Picture Association of America or one of its members. And to Comcast's credit, it stopped short of direct accusation; instead it gives users an out. Says the letter, "If you believe in good faith that the allegedly infringing works have been removed or blocked by mistake or misidentification, then you may send a counter notification to Comcast."
That's good enough for me. I've already composed my reply in case I receive one of these letters someday. "Dear Comcast, I am so sorry. I had no idea that copyrighted works were being downloaded via my IP address; I have a wireless router at home and it's possible that someone may have been using my connection at the time. I will do my best to secure this notoriously vulnerable technology, but I can make no guarantee that hackers will not exploit my network in the future."
If it ever comes down to a lawsuit, who can be certain that I was the offender? And can the victim of hacking be held responsible for the hacker's crimes? If that were the case, we'd all be liable for the Blaster worm's denial of service attacks against Microsoft last year.
Don't get me wrong. I'm not deliberately opening my network to hackers and miscreants bent on downloading copyrighted material. I'm simply choosing not to secure it. That's no different from the millions of people who haven't installed anti-virus software and the millions more who don't keep theirs up to date. Yes, their vulnerabilities allow viruses to spread more quickly, but that's their choice, right?
What about the security of my home network? A determined hacker may be able to crack my passwords or exploit weaknesses in the operating system that I never even thought of, but how is that different from before? There's no system that's completely secure, so whether hackers are inside or outside my firewall will make little difference. I'm willing to trade a little security for privacy.
It feels strange to be opening up my network after years of vigorously protecting it, and it's not without a tinge of anxiety that I do so. But there's also a sense of liberation, of sticking it to the Man, that's undeniable, as well as an odd sense of community. It seems there's safety in numbers after all, even among strangers.
Salon is talking about networks open by design, not insecure networks.
There's a huge difference in implimentation, and also when speaking of liability and your situation in the eyes of the law.
I'm not a lawyer, so I'll hold off from saying more.
RD
the author acknowledges this (and even uses similar words: "I'm willing to trade a little security for privacy.") in the article. the poster made the bad implication, not the original author.
good eye though!!
Speakeasy [http://speakeasy.net/] doesn't - in fact, they ENCOURAGE it.
No, I don't work for them. Just a very satisfied customer on a 6.0/768 DSL connection.
:)
feh. stuff.
Except its illegal to use your mailbox for that.
I have a friend that needed to give another friend back a fake bomb used in a school play. He decided to return it to the other friend's mail box, thinking that he would notify the friend before the postman came by. Unfortunately he forgot, but my friend who had the mailbox found his mail laying right on top of the fake bomb, apparently the postman did not seem to be bothered by the bomb. A few days later he got a visit from Postal Inspectors and was luckily not put in jail, but they did inform him that it was illegal and that mailboxes were not "personal receptacles."
I put up with the advert - actually I made some coffee while it was on.
... except him.
The guy says that he's done this so that if his ISP ever accuses him of downloading illegal stuff, he can say "my connection was not secure; it could have been anybody". The fact is, he's posted an article on a publicly available site which tells everybody that he is doing this deliberately. "Well", says the ISP, "you are too stupid to have an internet connection". Snip go the scissors on his line. If this is not in their terms of service, I'm sure they can withdraw it with just a little financial compensation e.g. refund a couple of months of fees. But basically, they will not want anybody who exhibits such deliberate antisocial behaviour as a customer. (Antisocial because, for instance, a spammer could use his connection to send spam).
He's doing this so he can tell the ISP that it's not his fault if they detect somebody from his IP downloading illegal stuff. He has neglected the fact that if his connection was secure, nobody would be able to download illegal stuff from his IP...
hmmmmmmm.....
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
Yeah, see "contributory negligence".
Assuming you were in the United States, you would go to your state public utilities commission, or equivalant, and file for a Certificate of Public Information, Convenience or Necessity
There are specific requirements that vary from state to state
How does the Slashdot Effect happen given that no slashdotters ever RTFA?
then yes, you would be responsible.
If you load your car to a friend and they kill someone, you're liable.
That's the problem with analogies. It's so easy to think some detail isn't important to include.
"stealing your car" is not analogous to what this person is doing. They are activly loaning their car. And as such they will be responsible for what happens.
Ben
Work Safe Porn
Sure, they encourage sharing, and they offer divided billing, but their customers are still liable for whatever traffic they exchange with speakeasy. I don't know if you have the same Terms of Service that I have, but I see this when I log in and poke around. Look down to "responsible" at the end.
Both parent posts are pretty much right, but you should *definitely check that you're complying with the law* regarding what you must keep.
I'd recommend reading this paper over at SecurityFocus as it covers a pretty similar remit: Destructive Influence By Scott Granneman
Basically what he says is that if you have a thoroughly designed and well implemented data destruction policy (that complies with local laws) it can be somewhat favorable should something bad, like a lawsuit, come your way.
What you need is a router that provides bandwidth priority to some connections and not others
You mean QOS? about qos
Is it true that more people vote for the winner of American Idol, than vote for the president? -Ali G.
Your Use of Bus and Star Topologies is misleading on how newer broadband connections work.. xDSL is not dedicated to the CO.. Its only dedicated to the nearest concentrator which may or may not be over capasity.. by the time it hits the CO your looking at atleast a 1000-10000+% under supply of upstream bandwidth reguardless of your broadband medium... any salesperson mentioning the word dedicated when he is talking about broadband should be shot... Its the internet and by its nature is a shared medium. its moot to use the work dedicated because it all combines into a pipe that cannot supply every connection if each connection were at peak utilization.. Not even getting into packet switching capasity which is by the large part the real bottle neck when you look at a carrier class connection. The whole debate about cable is faster or xDSL being faster is a moot point its all based on engineering, design, and quality of the "Plant"... I can easily find areas where cable is faster than xDSL and visa versa...
Also cable has a vast frequency available to utilize and can be setup using multiple freq's creating a virtual star topology in an area... Cable is best described as a hybrid network as you can find nearly every style of network architecture someplace in cable systems.
Who needs WiFi when we can have Packet Over Sheep! http://datacomm.org/PoS-InternetDraft.txt
Yes, but it'll have been destroyed long before you get the subpoena. That's all that matters. If you're destroying it in order to keep from complying with a subpoena, then you're in trouble. It's called being proactive. :)